Search in sources :

Example 1 with SignedMessagePayload

use of snowblossom.proto.SignedMessagePayload in project snowblossom by snowblossomcoin.

the class CertGen method generateSelfSignedCert.

/**
 * @param key_pair Key pair to use to sign the cert inner signed message, the node key
 * @param tls_wkp The temporary key to use just for this cert and TLS sessions
 * @param spec Address for 'key_pair'
 */
public static X509Certificate generateSelfSignedCert(WalletKeyPair key_pair, WalletKeyPair tls_wkp, AddressSpec spec) throws Exception {
    AddressSpecHash address_hash = AddressUtil.getHashForSpec(spec);
    String address = AddressUtil.getAddressString(Globals.NODE_ADDRESS_STRING, address_hash);
    byte[] encoded_pub = tls_wkp.getPublicKey().toByteArray();
    SubjectPublicKeyInfo subjectPublicKeyInfo = new SubjectPublicKeyInfo(ASN1Sequence.getInstance(encoded_pub));
    String dn = String.format("CN=%s, O=Snowblossom", address);
    X500Name issuer = new X500Name(dn);
    BigInteger serial = BigInteger.valueOf(System.currentTimeMillis());
    Date notBefore = new Date(System.currentTimeMillis());
    Date notAfter = new Date(System.currentTimeMillis() + 86400000L * 365L * 10L);
    X500Name subject = issuer;
    X509v3CertificateBuilder cert_builder = new X509v3CertificateBuilder(issuer, serial, notBefore, notAfter, subject, subjectPublicKeyInfo);
    // System.out.println(org.bouncycastle.asn1.x509.Extension.subjectAlternativeName);
    ASN1ObjectIdentifier snow_claim_oid = new ASN1ObjectIdentifier("2.5.29.134");
    // System.out.println(spec);
    SignedMessagePayload payload = SignedMessagePayload.newBuilder().setTlsPublicKey(tls_wkp.getPublicKey()).build();
    SignedMessage sm = MsgSigUtil.signMessage(spec, key_pair, payload);
    byte[] sm_data = sm.toByteString().toByteArray();
    cert_builder.addExtension(snow_claim_oid, true, sm_data);
    String algorithm = "SHA256withRSA";
    AsymmetricKeyParameter privateKeyAsymKeyParam = PrivateKeyFactory.createKey(tls_wkp.getPrivateKey().toByteArray());
    AlgorithmIdentifier sigAlgId = new DefaultSignatureAlgorithmIdentifierFinder().find(algorithm);
    AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
    // ContentSigner sigGen = new BcECContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
    ContentSigner sigGen = new BcRSAContentSignerBuilder(sigAlgId, digAlgId).build(privateKeyAsymKeyParam);
    X509CertificateHolder certificateHolder = cert_builder.build(sigGen);
    X509Certificate cert = new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
    return cert;
}
Also used : SignedMessagePayload(snowblossom.proto.SignedMessagePayload) SignedMessage(snowblossom.proto.SignedMessage) ContentSigner(org.bouncycastle.operator.ContentSigner) ByteString(com.google.protobuf.ByteString) X500Name(org.bouncycastle.asn1.x500.X500Name) SubjectPublicKeyInfo(org.bouncycastle.asn1.x509.SubjectPublicKeyInfo) DefaultDigestAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder) Date(java.util.Date) X509Certificate(java.security.cert.X509Certificate) AlgorithmIdentifier(org.bouncycastle.asn1.x509.AlgorithmIdentifier) DefaultSignatureAlgorithmIdentifierFinder(org.bouncycastle.operator.DefaultSignatureAlgorithmIdentifierFinder) BcRSAContentSignerBuilder(org.bouncycastle.operator.bc.BcRSAContentSignerBuilder) AsymmetricKeyParameter(org.bouncycastle.crypto.params.AsymmetricKeyParameter) X509v3CertificateBuilder(org.bouncycastle.cert.X509v3CertificateBuilder) JcaX509CertificateConverter(org.bouncycastle.cert.jcajce.JcaX509CertificateConverter) X509CertificateHolder(org.bouncycastle.cert.X509CertificateHolder) BigInteger(java.math.BigInteger) AddressSpecHash(snowblossom.lib.AddressSpecHash) ASN1ObjectIdentifier(org.bouncycastle.asn1.ASN1ObjectIdentifier)

Example 2 with SignedMessagePayload

use of snowblossom.proto.SignedMessagePayload in project snowblossom by snowblossomcoin.

the class MsgSigUtil method validateSignedMessage.

public static SignedMessagePayload validateSignedMessage(SignedMessage sm, NetworkParams params) throws ValidationException {
    try {
        SignedMessagePayload payload = SignedMessagePayload.parseFrom(sm.getPayload());
        ByteString signature = sm.getSignature();
        AddressSpec claim = payload.getClaim();
        if ((claim.getRequiredSigners() != 1) || (claim.getSigSpecsCount() != 1)) {
            throw new ValidationException("Multisig not supported");
        }
        MessageDigest md = DigestUtil.getMD();
        byte[] hash = md.digest(sm.getPayload().toByteArray());
        SigSpec sig_spec = claim.getSigSpecs(0);
        if (!SignatureUtil.checkSignature(sig_spec, ByteString.copyFrom(hash), signature)) {
            throw new ValidationException("Signature match failure");
        }
        if (payload.getTimestamp() > params.getMaxClockSkewMs() + System.currentTimeMillis()) {
            throw new ValidationException("Signed message too far into future");
        }
        return payload;
    } catch (com.google.protobuf.InvalidProtocolBufferException e) {
        throw new ValidationException(e);
    }
}
Also used : ValidationException(snowblossom.lib.ValidationException) ByteString(com.google.protobuf.ByteString) SignedMessagePayload(snowblossom.proto.SignedMessagePayload) SigSpec(snowblossom.proto.SigSpec) MessageDigest(java.security.MessageDigest) AddressSpec(snowblossom.proto.AddressSpec)

Example 3 with SignedMessagePayload

use of snowblossom.proto.SignedMessagePayload in project snowblossom by snowblossomcoin.

the class MsgSigUtil method signMessage.

/**
 * @param starting_payload should have of oneof z specified for the body.
 */
public static SignedMessage signMessage(AddressSpec claim, WalletKeyPair wkp, SignedMessagePayload starting_payload) throws ValidationException {
    if ((claim.getRequiredSigners() != 1) || (claim.getSigSpecsCount() != 1)) {
        throw new ValidationException("Multisig not supported");
    }
    SignedMessagePayload.Builder payload = SignedMessagePayload.newBuilder();
    payload.mergeFrom(starting_payload);
    payload.setTimestamp(System.currentTimeMillis());
    payload.setClaim(claim);
    ByteString payload_data = payload.build().toByteString();
    SignedMessage.Builder signed = SignedMessage.newBuilder();
    signed.setPayload(payload_data);
    MessageDigest md = DigestUtil.getMD();
    byte[] hash = md.digest(payload_data.toByteArray());
    signed.setSignature(SignatureUtil.sign(wkp, ByteString.copyFrom(hash)));
    return signed.build();
}
Also used : ValidationException(snowblossom.lib.ValidationException) ByteString(com.google.protobuf.ByteString) SignedMessagePayload(snowblossom.proto.SignedMessagePayload) SignedMessage(snowblossom.proto.SignedMessage) MessageDigest(java.security.MessageDigest)

Example 4 with SignedMessagePayload

use of snowblossom.proto.SignedMessagePayload in project snowblossom by snowblossomcoin.

the class PeerUtil method isSane.

public static boolean isSane(PeerInfo a, NetworkParams params) {
    if (a.toByteString().size() > 16000)
        return false;
    if (a.getHost().length() < 1)
        return false;
    if (a.getHost().length() > 255)
        return false;
    if (a.getPort() <= 0)
        return false;
    if (a.getPort() > 65535)
        return false;
    if (!HexUtil.getSafeString(a.getHost()).equals(a.getHost()))
        return false;
    if (!HexUtil.getSafeString(a.getVersion()).equals(a.getVersion()))
        return false;
    if (a.getNodeId().size() > Globals.MAX_NODE_ID_SIZE)
        return false;
    if (a.getLastChecked() > System.currentTimeMillis())
        return false;
    if (a.getLastPassed() > System.currentTimeMillis())
        return false;
    if (a.getLearned() > System.currentTimeMillis())
        return false;
    if (a.getNodeSnowAddress().size() > Globals.ADDRESS_SPEC_HASH_LEN)
        return false;
    if (a.getTrustnetAddress().size() > Globals.ADDRESS_SPEC_HASH_LEN)
        return false;
    for (int shard_id : a.getShardIdSetList()) {
        if (shard_id < 0)
            return false;
        if (shard_id > params.getMaxShardId())
            return false;
    }
    // If there is a claim of a trustnet, it must be signed
    if (a.getTrustnetAddress().size() > 0) {
        try {
            SignedMessagePayload payload = MsgSigUtil.validateSignedMessage(a.getTrustnetSignedPeerInfo(), params);
            PeerInfo b = payload.getPeerInfo();
            AddressSpec claim = payload.getClaim();
            AddressSpecHash signed_by = AddressUtil.getHashForSpec(claim);
            if (!signed_by.equals(a.getTrustnetAddress()))
                return false;
            // At this point, the peer info has a signed version and it is signed by the claimed trustnet address
            if (!a.getHost().equals(b.getHost()))
                return false;
            if (a.getPort() != b.getPort())
                return false;
            if (ByteStringComparator.compareStatic(a.getNodeId(), b.getNodeId()) != 0)
                return false;
            if (ByteStringComparator.compareStatic(a.getNodeSnowAddress(), b.getNodeSnowAddress()) != 0)
                return false;
            if (ByteStringComparator.compareStatic(a.getTrustnetAddress(), b.getTrustnetAddress()) != 0)
                return false;
            TreeSet<Integer> a_set = new TreeSet<Integer>();
            a_set.addAll(a.getShardIdSetList());
            TreeSet<Integer> b_set = new TreeSet<Integer>();
            b_set.addAll(b.getShardIdSetList());
            if (!a_set.equals(b_set))
                return false;
        } catch (ValidationException e) {
            return false;
        }
    }
    return true;
}
Also used : PeerInfo(snowblossom.proto.PeerInfo) TreeSet(java.util.TreeSet) SignedMessagePayload(snowblossom.proto.SignedMessagePayload) AddressSpec(snowblossom.proto.AddressSpec)

Aggregations

SignedMessagePayload (snowblossom.proto.SignedMessagePayload)4 ByteString (com.google.protobuf.ByteString)3 MessageDigest (java.security.MessageDigest)2 ValidationException (snowblossom.lib.ValidationException)2 AddressSpec (snowblossom.proto.AddressSpec)2 SignedMessage (snowblossom.proto.SignedMessage)2 BigInteger (java.math.BigInteger)1 X509Certificate (java.security.cert.X509Certificate)1 Date (java.util.Date)1 TreeSet (java.util.TreeSet)1 ASN1ObjectIdentifier (org.bouncycastle.asn1.ASN1ObjectIdentifier)1 X500Name (org.bouncycastle.asn1.x500.X500Name)1 AlgorithmIdentifier (org.bouncycastle.asn1.x509.AlgorithmIdentifier)1 SubjectPublicKeyInfo (org.bouncycastle.asn1.x509.SubjectPublicKeyInfo)1 X509CertificateHolder (org.bouncycastle.cert.X509CertificateHolder)1 X509v3CertificateBuilder (org.bouncycastle.cert.X509v3CertificateBuilder)1 JcaX509CertificateConverter (org.bouncycastle.cert.jcajce.JcaX509CertificateConverter)1 AsymmetricKeyParameter (org.bouncycastle.crypto.params.AsymmetricKeyParameter)1 ContentSigner (org.bouncycastle.operator.ContentSigner)1 DefaultDigestAlgorithmIdentifierFinder (org.bouncycastle.operator.DefaultDigestAlgorithmIdentifierFinder)1